August Stealer

What is August Stealer?

August Stealer is a Trojan infection first spotted in the wild around 10/20/2016. Unfortunately, it is still possible to encounter it today; this malicious application remains active. Malware analysts are not surprised that the infection is still being distributed by cyber criminals, because the malicious macro that drops August Stealer on victims’ computers can be purchased on the dark web. According to researchers, August Stealer does not focus on infiltrating ordinary users’ computers; most probably it is used mainly to steal information from large companies, which usually detect it too late. It can steal a large amount of private data in a short period of time, so by the time it is discovered, the cyber criminals behind it already hold some of that information. Information-stealing Trojans take time to detect, and they are not easy to remove either, so we highly recommend cleaning all affected computers automatically, i.e. with a powerful antimalware scanner.

Where does August Stealer come from?

As mentioned, August Stealer primarily targets companies. In most cases, malicious emails with a .doc document attached are sent to customer support. Staff receive an email claiming that more detailed information about the issue is provided in the attached document. The file contains malicious macros and, if opened, drops the Trojan infection on the computer. At that point August Stealer starts its dirty work, i.e. stealing personal information. Even though these malicious emails sent to employees in the customer support department look genuine, it is still possible to recognize them and thus prevent August Stealer from entering the system. The first sign that a received email might be malicious is the attached Word document. Teach your employees not to open random files they receive! Second, these emails carry personalized subject lines that include the recipient’s domain, for example “Duplicate charges on [domain]”, “Need help with order on [domain]”, and “[domain]Support: Products disappear from the cart during checkout”. In other words, all these subject lines describe some kind of problem on the specific domain.
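As an added example (not code from the original write-up), the indicators this paragraph lists can be turned into a simple mail-triage check: the three subject-line templates with the recipient’s own domain filled in, a Word attachment, and delivery to a support mailbox. The mailbox names, the quarantine rule, the sample messages and the inclusion of .docm next to .doc are assumptions constructed here.

```python
import re
from dataclasses import dataclass, field

# Subject templates quoted in the write-up; "[domain]" stands for the recipient's own domain.
SUBJECT_TEMPLATES = [
    "Duplicate charges on [domain]",
    "Need help with order on [domain]",
    "[domain]Support: Products disappear from the cart during checkout",
]
# The write-up names .doc as the carrier; .docm is added here as an assumption (macro-enabled Word).
WORD_SUFFIXES = (".doc", ".docm")


@dataclass
class Message:
    sender: str
    recipient: str
    subject: str
    attachments: list = field(default_factory=list)


def _template_regex(template, org_domain):
    # Escape the literal parts of the template, then substitute the organisation's domain.
    parts = [re.escape(p) for p in template.split("[domain]")]
    return re.compile(r"^\s*" + re.escape(org_domain).join(parts) + r"\s*$", re.IGNORECASE)


def triage(msg, org_domain, support_mailboxes):
    """Return the indicators one inbound message matches (empty list = nothing noted)."""
    hits = []
    if msg.recipient.lower() in support_mailboxes:
        hits.append("to_support_mailbox")
    if any(a.lower().endswith(WORD_SUFFIXES) for a in msg.attachments):
        hits.append("word_attachment")
    if any(_template_regex(t, org_domain).match(msg.subject) for t in SUBJECT_TEMPLATES):
        hits.append("known_subject_template")
    elif org_domain.lower() in msg.subject.lower():
        hits.append("subject_names_own_domain")  # generalisation: unseen variants of the lure
    return hits


def should_quarantine(hits):
    # Decision rule (an assumption): hold for review when a Word attachment is paired with a
    # known subject template or with any subject that names the organisation's own domain.
    return "word_attachment" in hits and (
        "known_subject_template" in hits or "subject_names_own_domain" in hits)


# Constructed sample traffic for a fictitious shop, shop.example.
SAMPLES = [
    Message("buyer@mail.example", "support@shop.example", "Duplicate charges on shop.example", ["invoice.doc"]),
    Message("buyer@mail.example", "support@shop.example",
            "shop.exampleSupport: Products disappear from the cart during checkout", ["details.docm"]),
    Message("buyer@mail.example", "support@shop.example", "Need help with order on shop.example", []),
    Message("partner@vendor.example", "sales@shop.example", "Q3 price list", ["prices.pdf"]),
]

if __name__ == "__main__":
    for m in SAMPLES:
        h = triage(m, "shop.example", {"support@shop.example"})
        print(f"{m.subject!r}: {h} -> quarantine={should_quarantine(h)}")
```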

What does August Stealer do?

August Stealer is an extremely nasty infection, as research conducted by malware researchers has shown. First, it has been observed to steal files with specific extensions and upload them to its C&C server. Second, it can steal cryptocurrency wallets. Third, it can steal FTP credentials; specifically, it is capable of getting personal information from these FTP clients: FileZilla, CoreFTP, CuteFTP, SmartFTP, WinSCP, and Total Commander. Fourth, it might obtain credentials from Pidgin, LiveMessenger, and other instant messaging programs. Fifth, August Stealer steals cookies and passwords from the most popular web browsers, including Mozilla Firefox and Google Chrome. Last but not least, it sends technical information about the affected computer to its C&C server, for example the hardware ID, OS information, the victim’s username, and which security tool is installed on the system. In other words, it goes after the most valuable information.

Unfortunately, it is not so easy to prevent August Stealer from entering computers and stealing information from them. It has been observed to use several techniques to avoid easy detection: for instance, the malicious application itself comes obfuscated, and it is dropped on the victim’s computer using PowerShell. Of course, this does not mean that nothing can be done to avoid this Trojan. Since it is mainly spread via emails with a .doc attachment, such emails should be inspected carefully before they are opened. Also, a security application must be installed on all computers. As long as it receives the latest updates and is kept active on the system, malware will not have a chance to infiltrate the computer.

August Stealer should be dropped in the Music folder under the name ljoyoxu.pkzip, specialists say, so, theoretically, victims might be able to remove it from their systems themselves. However, in our opinion, such nasty malicious applications as August Stealer should be deleted using an automated malware remover, because other malicious components may have been dropped on the system by it as well. It is very important to remove them all to clean the system.

